NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-48939

Summary	A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
Publication Date	June 20, 2026, 10:16 p.m.
Registration Date	June 27, 2026, 4:07 a.m.
Last Update	June 25, 2026, 2:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.icagenda.com/	security@joomla.org
2	https://mysites.guru/blog/icagenda-zero-day-file-upload-rce/	134c704f-9b21-4f2e-91b3-4a467353bcc0
3	https://www.icagenda.com/docs/changelog/icagenda-3-9-15	134c704f-9b21-4f2e-91b3-4a467353bcc0
4	https://www.icagenda.com/docs/changelog/icagenda-4-0-8	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html